You can configure IIS to use SSL relatively easily. The main consideration is the type of certificate to use.
There are two choices, self certificate or a certificate from a recognised certificate authority. You should always use a certificate authority for production systems, especially systems which will be accessed by people outside of your department/college or outside the cam domain.
You should in most cases use a certificate from a trusted authority. UIS makes certificates available for the University from third parties, the source of these certificates does change over time but they are always from a reliable certificate authority.
Full information on this can be found at http://www.cam.ac.uk/cs/tlscerts/.
Windows server comes with a certificate authority server which you can use to self certificate. This is useful for testing purposes or if you want an internal certificate only.
Generating a Self Certificate
To generate a self certificate and install a certificate of any type see the IIS Certificates page
Configuring IIS to use SSL
Once you have a valid certificate installed in IIS you need to enable SSL on your website.
- Open the properties for the website, subfolder or virtual directory you want to secure with SSL.
- Select the Directory Security tab.
- In the Secure Communications section click Edit.
- Put a tick in the box for "Require secure channel (SSL)".
- Click OK, then Apply then OK.
- Close IIS Manager.
In order for the changes to take place immediately you need to restart IIS or the server as a whole. Otherwise the changes will not take place for at least 10 minutes. To restart IIS on its own, open a command-line prompt on the server and enter:
- iisreset /NOFORCE
This will restart IIS and complete the installation of the intermediate certificate.